MANILA, PHILIPPINES — A new report by Jay Chen of global cybersecurity firm Palo Alto Networks dissects the new COVID-19 cloud threat landscape, citing that over 86,600 newly registered domains related to COVID-19 were classified as “high-risk” or “malicious.”
Researchers analyzed up to 1.2 million newly registered domain names containing keywords related to COVID-19 from March 9 to April 25, 2020.
The United States has the highest number of malicious domains (at a whopping 29,007) followed by Italy (2,877), Germany (2,564), and Russia (2,456).
The researchers were only able to identify two risky domains in the Philippines, namely: covid19qpass.hopto.org and fcovid.ph.
The report also cites that the researchers “noticed that some malicious domains resolve to multiple IP addresses, and some IP addresses are associated with multiple domains. This many-to-many mapping often occurs in cloud environments due to the use of content delivery networks (CDNs) and can make IP-based firewalls ineffective.”
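As an added illustration (not code from the report), the Python snippet below builds that many-to-many domain/IP mapping from constructed resolution data and shows why an IP-based block either leaves a domain that rotates across several addresses partly reachable or takes benign domains on a shared CDN edge down with it. The domain names and IPs are invented sample values.

```python
from collections import defaultdict

# Constructed sample resolutions (not from the report): (domain, IP) pairs.
# The first domain rotates across three IPs; two CDN edge IPs are shared
# between malicious and benign domains, which is the many-to-many case.
RESOLUTIONS = [
    ("covid-relief-login.example", "203.0.113.10"),
    ("covid-relief-login.example", "203.0.113.11"),
    ("covid-relief-login.example", "198.51.100.5"),
    ("covid19-tracker-maps.example", "203.0.113.10"),
    ("health-ministry.example", "203.0.113.10"),  # benign, shared CDN edge
    ("news-site.example", "203.0.113.11"),        # benign, shared CDN edge
    ("bank.example", "192.0.2.20"),               # benign, dedicated IP
]
MALICIOUS = {"covid-relief-login.example", "covid19-tracker-maps.example"}


def build_maps(resolutions):
    """Return (domain -> set of IPs, IP -> set of domains)."""
    d2ip, ip2d = defaultdict(set), defaultdict(set)
    for domain, ip in resolutions:
        d2ip[domain].add(ip)
        ip2d[ip].add(domain)
    return d2ip, ip2d


def ips_of(domains, resolutions):
    """Naive blocklist: every IP that any listed domain has resolved to."""
    d2ip, _ = build_maps(resolutions)
    return set().union(*(d2ip[d] for d in domains))


def ip_blocklist_effect(resolutions, malicious, blocked_ips):
    """Classify domains under an IP block.

    A malicious domain is fully blocked only if every IP it uses is blocked,
    partially blocked if only some are, and any benign domain that shares a
    blocked IP is collateral damage.
    """
    d2ip, _ = build_maps(resolutions)
    fully, partial, collateral = set(), set(), set()
    for domain, ips in d2ip.items():
        hit = ips & blocked_ips
        if domain in malicious:
            if hit == ips:
                fully.add(domain)
            elif hit:
                partial.add(domain)
        elif hit:
            collateral.add(domain)
    return fully, partial, collateral
```

Blocking only the first observed IP leaves the rotating domain partly reachable; blocking every IP the malicious domains used also cuts off two benign sites on the same CDN edge, which is the trade-off a domain- or URL-aware control avoids.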
Other important findings in the report include:
- On average, 1,767 malicious COVID-19 themed domains are created every day.
- Adversaries are disguising malicious activities such as phishing and malware delivery in the cloud.
- The higher price and more rigorous screening/monitoring processes are likely making malicious actors less willing to host malicious domains in public clouds.
Threats originating from the cloud can be more difficult to defend against because malicious actors leverage cloud resources to evade detection and amplify their attacks, the report warns.
Organizations need to have a cloud-native security platform and a more advanced application-aware firewall to secure their environments.
“Cyber threats are evolving rapidly and leveraging real-world events to deceive victims. With COVID-19 driving a surge in cloud adoption, we see not only attacks targeting the cloud users but also threats originating from the cloud,” reads the report’s conclusion.
“With thousands of malicious domains coming online every day, it is imperative to protect every endpoint with continuous monitoring and automatic threat prevention tools because cloud-hosted applications and services are exposed to the same threats as non-cloud endpoints. The problem becomes even more complicated when working in a multi-cloud environment. Due to the complexity of cloud management, user-induced misconfigurations lead to the most security incidents. Cloud Native Security Platforms (CNSPs) help organizations monitor and secure resources across multiple cloud providers, workloads and hybrid cloud environments.”
Check out the rest of the report here.